007ea322a6492d46f1565ef58a0c49f5b468ff20 depends: switch to building libqrencode with CMake (fanquake)
884330c0a57ce839d48606dc2de3928869b31b7d guix: make cmake-minimal a global requirement (fanquake)
Pull request description:
Switch to building libqrencode with CMake. Note that upstream (https://github.com/fukuchi/libqrencode) hasn't seen any activity for ~4 years, so the odds of getting anything upstream seems low, but I've made two minor changes to the source here, which I will PR in any case.
From an initial look I couldn't find any significant difference between the Autotools and CMake produced libs. As part of this change we move cmake-minimal in Guix into the global package set.
ACKs for top commit:
TheCharlatan:
ACK 007ea322a6492d46f1565ef58a0c49f5b468ff20
Tree-SHA512: c784f790ddea958082c8ae96d3744bdf99331a8799765f9d44f00861b8e2cfcab1a88a3d64af5b10e51a8d5938d55eb6a3d271790b565e50492a39d00dc0e30f
7a0b129c41d9fefdbc20d6d04983dd87bb8379e7 guix: patch NSIS to remove .reloc sections from install stubs (fanquake)
Pull request description:
With the release of binutils/ld 2.36, ld swapped to much improved
default settings when producing windows binaries with mingw-w64. One of
these changes was to stop stripping the .reloc section from binaries,
which is required for working ASLR.
When we switched to using a newer Guix time-machine in #23778, we begun
using binutils 2.37 to produce releases. Since then, our windows
installer (produced with makensis) has not functioned correctly when run on
a Windows system with the "Force randomization for images (Mandatory ASLR)"
option enabled. Note that all of our other release binaries, which all
contain .reloc sections, function fine under the same option, so it
cannot be just the presence of a .reloc section that is the issue.
The root cause of the problem is that when we compile NSIS (makensis), a number
of exe installer stubs are produced at the same time, for use later when makensis
is actually run. Given the new linker defaults, the stubs will contain .reloc sections,
when previously they would not. It seems that, in combination with how makensis
mutates the stub when it actually builds the installer, causes the problem.
According to upstream, https://sourceforge.net/p/nsis/bugs/1131/#abb6:
> Looks like the problem is the very existance of the .reloc section.
> It's not supposed to be there, and makensis doesn't handle it.
The most recent .reloc related upstream activity is in
https://sourceforge.net/p/nsis/bugs/1283/, where the conclusion again seemed to
be that .relo sections are not wanted, but there hasn't been any further follow up.
For now, restore pre-binutils-2.36 behaviour, by passing `-Wl,--disable-reloc-section`
to the linker when building the installer stubs, which fixes the produced installer.
The underlying issue can be further investigated in future.
.reloc section stripping is something we've accounted for previously,
see #18702, and related upstream discussion is in this thread:
https://sourceware.org/bugzilla/show_bug.cgi?id=19011.
Fixes#25726.
Guix Build (x86_64):
```bash
7e0723388913ac1ec9f650b943c6b23351ba0cd921c0ec830abf16b16724d503 guix-build-7a0b129c41d9/output/dist-archive/bitcoin-7a0b129c41d9.tar.gz
c3bb9c68895ffafa2900b0d18c1268e299d012a7dc70593f20f9900cf116eb05 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/SHA256SUMS.part
b57aa99c242b0aae64653c64ada38f6d3f0cbd902bbc096d3dc529fdcf87d681 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-debug.zip
341d99afc9961299883be6cd9666e8bc0f3f6296cff758719a32d27419acad36 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-setup-unsigned.exe
1d9ef48d3c9ed93a925962356b41cdaeb9d09fd758de193cd4d5f4d1ec6791eb guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-unsigned.tar.gz
28c81d99a9a4bd6648449393f91db213369e958add579ba9e9a1721540d2c4f7 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64.zip
```
Guix Build (arm64):
```bash
7e0723388913ac1ec9f650b943c6b23351ba0cd921c0ec830abf16b16724d503 guix-build-7a0b129c41d9/output/dist-archive/bitcoin-7a0b129c41d9.tar.gz
c3bb9c68895ffafa2900b0d18c1268e299d012a7dc70593f20f9900cf116eb05 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/SHA256SUMS.part
b57aa99c242b0aae64653c64ada38f6d3f0cbd902bbc096d3dc529fdcf87d681 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-debug.zip
341d99afc9961299883be6cd9666e8bc0f3f6296cff758719a32d27419acad36 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-setup-unsigned.exe
1d9ef48d3c9ed93a925962356b41cdaeb9d09fd758de193cd4d5f4d1ec6791eb guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64-unsigned.tar.gz
28c81d99a9a4bd6648449393f91db213369e958add579ba9e9a1721540d2c4f7 guix-build-7a0b129c41d9/output/x86_64-w64-mingw32/bitcoin-7a0b129c41d9-win64.zip
```
ACKs for top commit:
achow101:
ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7
hebasto:
ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7
jarolrod:
ACK 7a0b129c41d9fefdbc20d6d04983dd87bb8379e7
Tree-SHA512: 9e14e98207d20236b833603319fc4bb335c878a7c179ab495b33d143e2a900c6926125536bbb7499ee4f0f676cd5ea45c8c86cd7e544ed9a76bb298f98db6197
4becee396f3bda40832138dd1aaa90368ed31857 guix: combine and document enable_werror (fanquake)
Pull request description:
Combine into `hardened-glibc`.
Document why we don't use `--disable-werror` directly.
https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
> By default, the GNU C Library is built with -Werror. If you wish
> to build without this option (for example, if building with a
> newer version of GCC than this version of the GNU C Library was
> tested with, so new warnings cause the build with -Werror to fail),
> you can configure with --disable-werror.
ACKs for top commit:
hebasto:
ACK 4becee396f3bda40832138dd1aaa90368ed31857, the diff is correct.
TheCharlatan:
ACK 4becee396f3bda40832138dd1aaa90368ed31857
Tree-SHA512: 8724415f51b4d72d40c4e797faf52c93a81147fb629332b9388ffd7f113f2b16db3b7496bf3063dd978ac629fd5bde3ec7df4f1ff1ed714cb56f316a9334d119
127c637cf0a80e0ea68a7c5aaa088e5ccc9d3d13 guix: pass --enable-initfini-array to release GCC (fanquake)
Pull request description:
This returns us to pre-Guix behaviour, where the compilers we were using to build releases, were configured with this option.
> [--enable-initfini-array](https://gcc.gnu.org/install/configure.html)
> Force the use of sections .init_array and .fini_array (instead of .init and .fini) for constructors and destructors. Option --disable-initfini-array has the opposite effect. If neither option is specified, the configure script will try to guess whether the .init_array and .fini_array sections are supported and, if they are, use them.
ACKs for top commit:
TheCharlatan:
ACK 127c637cf0a80e0ea68a7c5aaa088e5ccc9d3d13
vincenzopalazzo:
utACK 127c637cf0
Tree-SHA512: fa61227054d52d4dfb4524af3888203a501f680661bdef00bb0970d4e8f7c96cf7f592686c4795be5a0debca267b8e564a4960859297c31f6b261c0729238382
0cd7928133eb8a605979c6338bbcbcb116cfa669 guix: use git-minimal over git (fanquake)
Pull request description:
From the [git-minimal package definition](https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/version-control.scm?id=998eda3067c7d21e0d9bb3310d2f5a14b8f1c681#n597):
> The size of the closure of 'git-minimal' is two thirds that of 'git'.
> Its test suite runs slightly faster and most importantly it doesn't
> depend on packages that are expensive to build such as Subversion.
We don't need any git functionality above the basics, so switch to `git-minimal` and save CPU when building the package, while also pruning the greater dependency graph (see `dependencies:` below). Note that git-minimal also lists `riscv64-linux` as a supported system, where `git` does not.
```diff
-name: git
+name: git-minimal
version: 2.37.3
outputs:
-+ send-email: see Appendix H
-+ svn: see Appendix H
-+ credential-netrc: see Appendix H
-+ credential-libsecret: see Appendix H
-+ subtree: see Appendix H
-+ gui: see Appendix H
+ out: everything else
-systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux i686-linux armhf-linux powerpc-linux
-dependencies: asciidoc@9.1.0 bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 docbook-xsl@1.79.2 expat@2.4.1 gettext-minimal@0.21 glib@2.70.2 libsecret@0.20.4 openssl@1.1.1l pcre2@10.37perl-authen-sasl@2.16perl-cgi@4.52
-+ perl-io-socket-ssl@2.068perl-net-smtp-ssl@1.04perl-term-readkey@2.38 perl@5.34.0 pkg-config@0.29.2 python@3.9.9 subversion@1.14.1 tcl@8.6.11 tk@8.6.11.1 xmlto@0.0.28 zlib@1.2.11
-location: gnu/packages/version-control.scm:222:2
+systems: x86_64-linux mips64el-linux aarch64-linux powerpc64le-linux riscv64-linux i686-linux armhf-linux powerpc-linux
+dependencies: bash-minimal@5.1.8 bash@5.1.8 curl@7.79.1 expat@2.4.1 gettext-minimal@0.21 openssl@1.1.1l perl@5.34.0 zlib@1.2.11
+location: gnu/packages/version-control.scm:608:2
homepage: https://git-scm.com/
license: GPL 2
synopsis: Distributed version control system
```
Guix Build (x86_64):
```bash
da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69 guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232 guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61 guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451 guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1 guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1 guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909 guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13 guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
```
Guix Build (arm64):
```bash
da4adca0304f19833893867418c8827e0213c58a1b605753355340a5f270754a guix-build-0cd7928133eb/output/aarch64-linux-gnu/SHA256SUMS.part
38c2b5f8e560018911ed776660fcd2aa8b6061a59af26118f06e23c9a335e80c guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu-debug.tar.gz
de117782318d6e0ed55efaae7b2f11d033fe05e7a72fbda3ef7bbcbc758add69 guix-build-0cd7928133eb/output/aarch64-linux-gnu/bitcoin-0cd7928133eb-aarch64-linux-gnu.tar.gz
6ae8ebfac28c43488b9aa386b9a87937789a57e54dc1d77a9c7b95323a417abc guix-build-0cd7928133eb/output/arm-linux-gnueabihf/SHA256SUMS.part
97f5d9d14eeb4b2926304c142fa6c46b7126524b8f836655704f5643b58b9436 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf-debug.tar.gz
37815ea73941cf0a870e5ac4aafe9249a63ed1eeaa37440de23c2d9bf2b77be8 guix-build-0cd7928133eb/output/arm-linux-gnueabihf/bitcoin-0cd7928133eb-arm-linux-gnueabihf.tar.gz
64cd484fa48968dc7063c4f501e1ff62d1ba46ae9975bfa060a3c88e2a98d232 guix-build-0cd7928133eb/output/arm64-apple-darwin/SHA256SUMS.part
4e7e0daaf0ac1b5ed5a7e5ee8085e5e6446c48e70161f78938acd0e916c55729 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.dmg
0f2b534d16482e536552c7b3de605bd71997b898755fe5a9ac39b36aea2698b6 guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin-unsigned.tar.gz
03cd1f509c60919c2ad1503d2f98be444c9770b62c4d303cb4cbdc1100ce131d guix-build-0cd7928133eb/output/arm64-apple-darwin/bitcoin-0cd7928133eb-arm64-apple-darwin.tar.gz
1e28183c1c314921a8404b72283bb861dff28061310c18535618683b097e7e61 guix-build-0cd7928133eb/output/dist-archive/bitcoin-0cd7928133eb.tar.gz
0f6459568d0369528ad35622d5378feccdac319eed618418841c22cc137cbd05 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/SHA256SUMS.part
1cf0c8a48add60082c381935630b59a0bd483a7eda97f04b72dcb05143135109 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu-debug.tar.gz
5332f148efa1579b077747c8c7d6c763d31804d4ac454abaf34a3e2374c9b6b2 guix-build-0cd7928133eb/output/powerpc64-linux-gnu/bitcoin-0cd7928133eb-powerpc64-linux-gnu.tar.gz
5fc03945c2ab86ba43395ccf32cf4b338dcceb446e106c0f6e660dac47224183 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/SHA256SUMS.part
5cfabdb27dc8fb7de402c558e5f962ac4fdaf2c344d201f27f7ed1370a550407 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu-debug.tar.gz
ba265df6803d472434ecb3ad44983965a5eca1ccd42fea64760309ff70d17ee5 guix-build-0cd7928133eb/output/powerpc64le-linux-gnu/bitcoin-0cd7928133eb-powerpc64le-linux-gnu.tar.gz
ff40a374f215eb3010291569b8ed1958054e408469fc8b2fe97a30cca0ad5451 guix-build-0cd7928133eb/output/riscv64-linux-gnu/SHA256SUMS.part
7b7b89ac1905d58f1e96a7840c018a556c472015a44442d0742bf758cb5f67ca guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu-debug.tar.gz
10431bd8ffca82dd9c59f568272a1e7473cf474996f750d9bed4b576591fcff1 guix-build-0cd7928133eb/output/riscv64-linux-gnu/bitcoin-0cd7928133eb-riscv64-linux-gnu.tar.gz
4ef532d8dbe42900146a5b3e02de2a6a59d66b3c66a4b9d919d3aeb0e9637ab1 guix-build-0cd7928133eb/output/x86_64-apple-darwin/SHA256SUMS.part
77a1abe4139c19d227309216e29cf55dae06c4469412b457c9f0e8cf1eccc25c guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.dmg
33028b640efab25648d0ec1abe9e91abc983706623ca9e2e7ac5fbfca0970909 guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin-unsigned.tar.gz
e10d2d5617b8b1a33a622d5904d2bd8eaf57a5b3605e22ef916a57105db2311e guix-build-0cd7928133eb/output/x86_64-apple-darwin/bitcoin-0cd7928133eb-x86_64-apple-darwin.tar.gz
bf65d3574afed2e017c9625d38cc31e0f2cbb7f1e8a9ce346644ea3dbb938d13 guix-build-0cd7928133eb/output/x86_64-linux-gnu/SHA256SUMS.part
ce3810e70c97b2698822e4f46fa64dfa12353f7b54400e671b64868e3e4d3472 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu-debug.tar.gz
4055370c15b199d1efef47cc262d9c43a3652dcd237a9434197ca3be4931b1d2 guix-build-0cd7928133eb/output/x86_64-linux-gnu/bitcoin-0cd7928133eb-x86_64-linux-gnu.tar.gz
e59ed970d1db5d4839fa67957945628f6919ef5491f4a595f89ed3d8c81f1a76 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/SHA256SUMS.part
19c443fab5cb2fe75c9a5ad51fc022c97e31d7d69e049a889bd06f740f8daf78 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-debug.zip
88f6ca5d299080114532ec550c59eca4a3cdb759d9ea35cb14eba0b135e72436 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-setup-unsigned.exe
bcdb0b7467d3e47a694e51e9bfbaab9d5dc7162efe6c6bf4c303d368272c0cc6 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64-unsigned.tar.gz
db1d4bbfab53405080d3abd09d1f05b2642ed513f6d8fcb5d92b9d0b32745293 guix-build-0cd7928133eb/output/x86_64-w64-mingw32/bitcoin-0cd7928133eb-win64.zip
```
ACKs for top commit:
hebasto:
ACK 0cd7928133eb8a605979c6338bbcbcb116cfa669, I have reviewed the code and it looks OK. I have also checked out the usage of the `git-minimal` in the `git-download` Guix module which is being used. Did not compare actual build dependences while building from scratch.
jarolrod:
ACK 0cd7928133eb8a605979c6338bbcbcb116cfa669
Tree-SHA512: f949c4d2f9560f98b8a418a981da38bbb9cfee5d0814bea6bb676b7193f3cbddafd23a92f852ee59c6a68c9c282095e6368cb65c5f2352b2ab54f9692575349c
2c9eb4afe1f583aafa552b2711b149f17ef8320f guix: use cmake-minimal over cmake (fanquake)
1475515312856afe3f19a95f2c32bc80c7c54484 guix: use coreutils-minimal over coreutils (fanquake)
444562141504ff7f0bb071d6e7bf7f511517e372 guix: use bash-minimal over bash (fanquake)
Pull request description:
Minimal versions of the same packages, that should still be sufficient for our use:
> (define-public bash-minimal
;; A stripped-down Bash for non-interactive use.
> (define-public coreutils-minimal
;; Coreutils without its optional dependencies.
> ;;; This minimal variant of CMake does not include the documentation. It is
;;; used by the cmake-build-system.
(define-public cmake-minimal
ACKs for top commit:
TheCharlatan:
ACK 2c9eb4afe1f5
Sjors:
tACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f
achow101:
ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f
hebasto:
ACK 2c9eb4afe1f583aafa552b2711b149f17ef8320f,
Tree-SHA512: f91ca9e088b8346b20c2affc80870c31640de3aedcfcc0fb98a5e82c77ef64537870b88552f26759d31d8d0956b1fd685e6c25d5acbc92f5feaececd1a7dd37e
d0e571ebb187d7c4c2821f1334cb2dd4222dd8ce guix: use python-minimal (3.9) (fanquake)
Pull request description:
This further minifies the Guix release build environment.
ACKs for top commit:
TheCharlatan:
ACK d0e571ebb187
hebasto:
ACK d0e571ebb187d7c4c2821f1334cb2dd4222dd8ce
Tree-SHA512: 0a8aa9ae861107f106c3b9c41f78ffbaf0e71e3c61f6d96e5c82415b4570b8ac85d6578d37cd0df0ec315c1c9f35fc90b281f139271ccfd15a1495ba76166789
56e79fe683d36c1944e52326fae3bcc4cb7deec7 guix: use --build={arch}-guix-linux-gnu in cross toolchain (fanquake)
Pull request description:
Technically we are always cross-compiling when Guix building, so make that explicit. `{arch}-guix-linux-gnu` is not a triplet that should be used in any other capacity, but here it serves the purpose of ensuring, that by setting `--build` to something other than `--host/--target`, we are always cross-compiling (in the eyes of autoconf etc) when building our cross toolchains. It looks like `x86_64-linux-gnu` on `x86_64-linux-gnu` currently works because of the triplet canonicalisation, i.e `x86_64-linux-gnu` becomes `x86_64-pc-linux-gnu`, and GCCs configure thinking it's cross-compiling, whereas the same canonicalisation doesn't happen for `aarch64-linux-gnu` so we don't get a cross-compile when building on aarch64.
Fixes: #22458.
Guix Build (x86_64):
```bash
e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3 guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824 guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24 guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514 guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537 guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0 guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
```
Guix Build (arm64):
```bash
e590e67d2b151e7d079f50393c61cacf9e65f5e3fdddc10bffd5dbb59cd9f5e3 guix-build-56e79fe683d3/output/aarch64-linux-gnu/SHA256SUMS.part
9222a733209dc73168722ee0f290831d1723f7ed55abc1e243dd3892ef9733f1 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu-debug.tar.gz
a4ec01411195412e9a483397554d98b2db161a6be8aceee2dac78f0015f2a8e5 guix-build-56e79fe683d3/output/aarch64-linux-gnu/bitcoin-56e79fe683d3-aarch64-linux-gnu.tar.gz
a4ff8f2538c1b3a63a3e7c92699c18164b2c4954ebd72c4a854bf7844e6131b6 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/SHA256SUMS.part
ac6e4dffcf6f49dac73d3677f3fe5edb08ee1127648bc7ec24b217f48a3a4d21 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf-debug.tar.gz
ab26467fce9732596b1713179618eee20c2bd44875dc1c39f9afd68f135e8ce4 guix-build-56e79fe683d3/output/arm-linux-gnueabihf/bitcoin-56e79fe683d3-arm-linux-gnueabihf.tar.gz
f44108d818d53ee7e70b44361cb3cc6841b7aecbe4fade1fa289263718620824 guix-build-56e79fe683d3/output/arm64-apple-darwin/SHA256SUMS.part
29adfb2d575be8b5a7092b2aff888af2084ad5783bdc74ae3de4b2dd84da7a26 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.dmg
3d7640f604bd27cb1ae47853d70378a7631aa436b5c027eae31fa06d4dd20d4a guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin-unsigned.tar.gz
3f8d8fc49cf722a7a13640872762d045c14efd610fba908f0acc99a99032b903 guix-build-56e79fe683d3/output/arm64-apple-darwin/bitcoin-56e79fe683d3-arm64-apple-darwin.tar.gz
b8df097e10e7acded8556a5681da2b0132c0d509b200792f5584c186b8dcaf24 guix-build-56e79fe683d3/output/dist-archive/bitcoin-56e79fe683d3.tar.gz
1a605c563038107b88e8d859fa045ca3087241340264eb7125e97b3af36874db guix-build-56e79fe683d3/output/powerpc64-linux-gnu/SHA256SUMS.part
d10be89a816ee2f47bf778ef4aaa8a7b548403c123a4b4b3aa0470ee7b9472d2 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu-debug.tar.gz
839dd079d677c87a91ccc28f6c423657d98212350d3693ae2facb92082d10c88 guix-build-56e79fe683d3/output/powerpc64-linux-gnu/bitcoin-56e79fe683d3-powerpc64-linux-gnu.tar.gz
200d7a72a7901b6788e70aa1c6fbbe16144e9dac29beb06242a9dcfe1e88acbe guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/SHA256SUMS.part
3d207bb57dc45f234d804a9ee615001aa28ac4b59b530a1e7d16d0a72c2ea514 guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu-debug.tar.gz
16a789c98409d36bd6b69a5ca38cd8886979f50f845265dc0b005c92286a3e4f guix-build-56e79fe683d3/output/powerpc64le-linux-gnu/bitcoin-56e79fe683d3-powerpc64le-linux-gnu.tar.gz
e48f6fae9c2ffeb2bf02ffc073ac69648b2ce4ba87e0ad7a3a5059abf33b8ce2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/SHA256SUMS.part
fa8d66af5f202e0c8968114af4dcd6d88099eb91d197dfaaa0144f8ae6b12f4a guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu-debug.tar.gz
86cffa62687f4272c899897ff6c1a86e1a7bdbbb7ab09a085b7b1122d3a1f1b2 guix-build-56e79fe683d3/output/riscv64-linux-gnu/bitcoin-56e79fe683d3-riscv64-linux-gnu.tar.gz
e42a7c33da6ea4be5d0826df097bdc7e919c9fd6642e7d59fe3d45a97d9009fa guix-build-56e79fe683d3/output/x86_64-apple-darwin/SHA256SUMS.part
2f9faa88fa0025b9bfade83177b1f50833dc6c3be1ef26c4d5881aa165bcc537 guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.dmg
fdfe560968c85500dc886d4e12b851cd27a76de860b8cbf1fb6aac95ccd0582e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin-unsigned.tar.gz
c3c75560befd72a9f13f5626ddf39c63ad25fb9753a4d941e48830b7e06f143e guix-build-56e79fe683d3/output/x86_64-apple-darwin/bitcoin-56e79fe683d3-x86_64-apple-darwin.tar.gz
38100946ec1469fdd31aa8ea9e471b317dc278c298c106289c119016c2c0caa0 guix-build-56e79fe683d3/output/x86_64-linux-gnu/SHA256SUMS.part
67890771aad89dc0d20b8dcdc6b29bd838ace310e8bcbbc0d16d7afc87d3a474 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu-debug.tar.gz
a9772b40c8b9d3c1a0bf9c9db2a60050415bf6a9bd4a19cfd8a038f4a1e712e3 guix-build-56e79fe683d3/output/x86_64-linux-gnu/bitcoin-56e79fe683d3-x86_64-linux-gnu.tar.gz
01da0561f2c3a268c28615b1573dfdecb6346bf3f8eba7a052488191234ac1d6 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/SHA256SUMS.part
71324ac0f6fc8163e41031b2fd2d38d2e15bfd5ef4efe4cb45d7974fad474394 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-debug.zip
219b58281d3c79b2ed7e9085b1e15d7e021fd3899ef07a6ad747058b43d64443 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-setup-unsigned.exe
fe838d32587c2f942fcd9f9a0b3735611b686a867e2d2040cf3a8aa6a43d09fe guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64-unsigned.tar.gz
13b537217a13293b93afd7c588b3733955c3188f79a3249b363fb4e885b74b32 guix-build-56e79fe683d3/output/x86_64-w64-mingw32/bitcoin-56e79fe683d3-win64.zip
```
ACKs for top commit:
hebasto:
ACK 56e79fe683d36c1944e52326fae3bcc4cb7deec7
Tree-SHA512: 628ab6cda80069ad277107639bef21b44a8417198862e9ec89b45a2c41741d29aeb79aa58c5a90283fb96cf707494ae948ac790abde809bb18c86b14af999200
b7ecef1ddf0c9f1f53ab220bee2e19a6b8978e34 guix: ignore additioanl failing certvalidator test (fanquake)
Pull request description:
Backports 8588591965 from #24057 so that from-scratch Guix builds for the Darwin host aren't broken due to a (very recently) expired certificate causing one of the python-certvalidator tests to fail. Kept separate from #23276 because that hasn't gotten review attention, and I don't think we should leave `22.x` Darwin Guix builds broken for any longer than we have to.
Fixes#24110.
```bash
======================================================================
ERROR: test_revocation_mode_soft (tests.test_validate.ValidateTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/test_validate.py", line 85, in test_revocation_mode_soft
validate_path(context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 50, in validate_path
return _validate_path(validation_context, path)
File "/tmp/guix-build-python-certvalidator-0.1-1.e5bdb4b.drv-0/source/tests/../certvalidator/validate.py", line 358, in _validate_path
raise PathValidationError(pretty_message(
certvalidator.errors.PathValidationError: The path could not be validated because the end-entity certificate expired 2022-01-14 12:00:00Z
```
Guix Build:
```bash
bash-5.1# find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
359755bffecc64b4c005c5cdee3824190f6b1759dbc6c20034476dcc06413959 guix-build-b7ecef1ddf0c/output/dist-archive/bitcoin-b7ecef1ddf0c.tar.gz
0c6700270ec75991d70a97cad77e22cc00553f812edb56c1bac5ef6421f963e1 guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/SHA256SUMS.part
87d4637a87959a304422550edf87feda3953d7305894154a6a2d413cc0dd2034 guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.dmg
9cabae32689bd5f93e7faaaf341827f1c4069a63ab6f74276564e47819343b6c guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-osx-unsigned.tar.gz
bb5fb113bc022a305e49783d0ba48be90aca61e4a942beeb45206dbc5b91ca6e guix-build-b7ecef1ddf0c/output/x86_64-apple-darwin/bitcoin-b7ecef1ddf0c-x86_64-apple-darwin.tar.gz
```
ACKs for top commit:
MarcoFalke:
Concept ACK b7ecef1ddf0c9f1f53ab220bee2e19a6b8978e34
Tree-SHA512: 8f761fece405b3b974b9f42ab4ebf8995d3284ce7bfb0556ff8459e1a7d30f8bd2f407cb5651e9fa1094c493148bba7a8918a251b54a83efe12acfaf3d39f350
e6a94d44469f90f4dc88a07a5a8587730811c705 guix: Bump to version-1.3.0 from upstream (Carl Dong)
90fd13b954a364963f58e6cd12962c6f1986f79b guix: Pin kernel header version (Carl Dong)
Pull request description:
```
- Use 4.19 for riscv64 (earliest LTS release w/ riscv64 support)
- Use 4.9 for all others (second-oldest LTS release, released in
combination with glibc glibc 2.24 in Debian stretch)
```
```
The chosen commit is the HEAD of Guix's version-1.3.0 branch as of July
15th, 2021.
Also fix visual indenting.
```
-----
This + the documentation PR should make our Guix system ready for release!
ACKs for top commit:
MarcoFalke:
review ACK e6a94d44469f90f4dc88a07a5a8587730811c705 to change to vanilla guix. Did not review the kernel change.
laanwj:
ACK e6a94d44469f90f4dc88a07a5a8587730811c705
fanquake:
ACK e6a94d44469f90f4dc88a07a5a8587730811c705
Tree-SHA512: a175e4ddb3ee786a39f5e800ce336932ad2f6797a3a28400a6f723875d0f19833fd36cedc41b3580e4604110517211bd9f557be36adf7265fd8e591c434ae032
647f7e5f1da1089d451f3c431efc635b8e87b064 guix: Also sort SHA256SUMS.part (Carl Dong)
dc4137a60c99979b89f75d2bddba96d043f387b8 guix: Build depends/qt with our platform definition (Carl Dong)
16b0a936e15b81710755303e11ef51f608b61475 guix: Rebase toolchain on glibc 2.24 (2.27 for riscv64) (Carl Dong)
Pull request description:
After this PR, we'll have the following:
- riscv64 -> build with a toolchain targeting glibc 2.27
- everything else -> builds with a toolchain targeting glibc 2.24, but will not have symbols > 2.17 (checked by `symbol-check.py`)
ACKs for top commit:
achow101:
reACK 647f7e5f1da1089d451f3c431efc635b8e87b064
hebasto:
ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
MarcoFalke:
review ACK 647f7e5f1da1089d451f3c431efc635b8e87b064
fanquake:
ACK 647f7e5f1da1089d451f3c431efc635b8e87b064 - documentation can be fixed shortly.
Tree-SHA512: ddff57a5d7c053687b0a273720d4ad7d28c6fc8816226d4304869284d017af5e3630d4b57565d91e74f2e1b7583c9c83ee8b2e5e70e41d619ab618e602c97a94
e2c40a4ed5272d72fea997bd936fba28bb753226 guix-attest: Error out if SHA256SUMS is unexpected (Carl Dong)
4cc35daed557f38b080360a89036b2e97a6f78c2 Rewrite guix-{attest,verify} for new hier (Carl Dong)
28a9c9b83924f585b397f0f3b8e9e73780ac0ad6 Make SHA256SUMS fragment right after build (Carl Dong)
Pull request description:
Based on: #22075
Code reviewers: I recommend reading the new `guix-{attest,verify}` files instead of trying to read the diff
The following changes resolve many usability improvements which were pointed out to me:
1. Some maintainers like to extract their "uncodesigned tarball" inside the `output/` directory, resulting in the older `guix-attest` mistakenly attesting to the extracted contents
2. Maintainers whose GPG keys reside on an external smartcard often need to physically interact with the smartcard as a way to approve the signing operation, having one signature per platform means a lot of fidgeting
3. Maintainers wishing to sign on a separate machine now has the option of transferring only a subtree of `output/`, namely `output/*/SHA256SUMS.part`, in order to perform a signature (you may need to specify an `$OUTDIR_BASE` env var)
4. An `all.SHA256SUMS` file should be usable as the base `SHA256SUMS` in bitcoin core torrents and on the release server.
For those who sign on an separate machine than the one you do builds on, the following steps will work:
1. `env GUIX_SIGS_REPO=/home/achow101/guix.sigs SIGNER=achow101 NO_SIGN=1 ./contrib/guix/guix-attest`
2. Copy `/home/achow101/guix.sigs/<tag>/achow101` (which does not yet have signatures) to signing machine
3. Sign the `SHA256SUMS` files:
```bash
for i in "<path-to-achow101>/*.SHA256SUMS"; do
gpg --detach-sign --local-user "<your-key-here>" --armor --output "$i"{.asc,}
done
```
5. Upload `<path-to-achow101>` (now with signatures) to `guix.sigs`
-----
After this change, output directories will now include a `SHA256SUMS.part` fragment, created immediately after a successful build:
```
output
└── x86_64-w64-mingw32
├── bitcoin-4e069f7589da-win64-debug.zip
├── bitcoin-4e069f7589da-win64-setup-unsigned.exe
├── bitcoin-4e069f7589da-win64.zip
├── bitcoin-4e069f7589da-win-unsigned.tar.gz
└── SHA256SUMS.part
```
These `SHA256SUMS.part` fragments look something like:
```
3ebd7262b1a0a5bb757fef1f70e7e14033c70f98c059bc4dbfee5d1992b25825 dist-archive/bitcoin-4e069f7589da.tar.gz
def2e7d3de5ab3e3f955344e75151df4f33713f9101f5295bd13c9375bdf633b x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-debug.zip
643049fe3ee4a4e83a1739607e67b11b7c9b1a66208a6f35a9ff634ba795500e x86_64-w64-mingw32/bitcoin-4e069f7589da-win64-setup-unsigned.exe
a247a1ccec0ccc2e138c648284bd01f6a761f2d8d6d07d91b5b4a6670ec3f288 x86_64-w64-mingw32/bitcoin-4e069f7589da-win-unsigned.tar.gz
fab76a836dcc592e39c04fd2396696633fb6eb56e39ecbf6c909bd173ed4280c x86_64-w64-mingw32/bitcoin-4e069f7589da-win64.zip
```
Meaning that they are valid `SHA256SUMS` files when `sha256sum --check`'d at the `guix-build-*/output` directory level
When `guix-attest` is invoked, these `SHA256SUMS.part` files are combined and sorted (by `-k2`, `LC_ALL=C`) to create:
1. `noncodesigned.SHA256SUMS` for a manifest of all non-codesigned outputs, and
3. `all.SHA256SUMS` for a manifest of all outputs including non-codesigned outputs
Then both files are signed, resulting in the following `guix.sigs` hierarchy:
```
4e069f7589da/
└── dongcarl
├── all.SHA256SUMS
├── all.SHA256SUMS.asc
├── noncodesigned.SHA256SUMS
└── noncodesigned.SHA256SUMS.asc
```
ACKs for top commit:
achow101:
ACK e2c40a4ed5272d72fea997bd936fba28bb753226
hebasto:
ACK e2c40a4ed5272d72fea997bd936fba28bb753226, tested on Linux Mint 20.1 (x86_64) with and w/o `NO_SIGN=1`. Changes in `contrib/guix/libexec/codesign.sh` and `contrib/guix/guix-verify` are reviewed only.
Tree-SHA512: 618aacefb0eb6595735a9ab6a98ea6598fce65f9ccf33fa1e7ef93bf140c0f6cfc16e34870c6aa3e4777dd3f004b92a82a994141879870141742df948ec59c1f
683d197970a533690ca1bd4d06d021900e87cb8b Use latest signapple commit (Andrew Chow)
Pull request description:
Update gitian and guix to use the same latest signapple commit.
Also changed guix to use the actual repo. The changes from the fork were incorporated upstream.
ACKs for top commit:
fanquake:
ACK 683d197970a533690ca1bd4d06d021900e87cb8b - sanity checked that the updated package is built:
Tree-SHA512: a4981f8bbe33e6c5654632bc9b9f6f2f1e675741a19ac7296205e370f1e64a747101ecb632e0cc82a0134e4c2e9ce47b3f7b4d8c8f75f0f06dd069c078303759
ee883201cf134952284632e9e9ae72bf1c8c792f guix: repro: Sort find output in libtool for gcc-8 (Carl Dong)
ee0a67c32a8861eab650bf8894af06807578eba0 codesigning: Use SHA256 as digest for osslsigncode (Windows) (Carl Dong)
38eb91eb0616ed6dbe34c23e11588d130fef07f8 guix: Add codesigning functionality (Carl Dong)
bac2690e6f683fcedb883fe1d32f3c33c628a141 guix: Package codesigning tools (Carl Dong)
0a2176d47767972e4cd5ed302c1dbeedece1708b guix: Reindent existing manifest.scm (Carl Dong)
c090a3e9238ba2df07875b4708e908d8dca4ed9b Makefile.am: use APP_DIST_DIR instead of hard-coding dist (Carl Dong)
Pull request description:
This is the last PR before we reach feature-parity with the Gitian process!
Note: I tried using the `Makefile` inside the distsrc to make the dmg instead of manually listing out the commands, but `make` seems to want to re-make a lot of other files which broke the dmg.
The workflow looks something like this:
1. `env [ FOO=bar... ] ./contrib/guix/guix-build` (add additional env vars as necessary)
2. Codesigners only:
1. Copy `guix-build-<short-id>/output/x86_64-apple-darwin18/bitcoin-<short-id>-osx-unsigned.tar.gz` and `guix-build-<short-id>/output/x86_64-w64-mingw32/bitcoin-<short-id>-win-unsigned.tar.gz` to signing computer
2. Codesign with `./detached-sig-create.sh` inside the tarball
3. Upload contents of `signature-{osx,win}.tar.gz` to https://github.com/bitcoin-core/bitcoin-detached-sigs (as a new tag)
3. Checkout new tag for `bitcoin-core/bitcoin-detached-sigs` with the detached signatures
4. `env [ FOO=bar... ] DETACHED_SIGS_REPO=<path/to/bitcoin-detached-sigs> ./contrib/guix/guix-codesign` (modify env vars as necessary)
5. Make sure `guix.sigs` is cloned and updated
6. `env GUIX_SIGS_REPO=<path/to/guix.sigs> SIGNER=0x96AB007F1A7ED999=dongcarl ./contrib/guix/guix-attest` (modify env vars as necessary)
7. Commit your new signatures and SHA256SUMS in `guix.sigs`
8. Optionally, after there are multiple signatures in `guix.sigs`: `env GUIX_SIGS_REPO=<path/to/guix.sigs> ./contrib/guix/guix-verify`
ACKs for top commit:
laanwj:
Tested ACK ee883201cf134952284632e9e9ae72bf1c8c792f
achow101:
ACK ee883201cf134952284632e9e9ae72bf1c8c792f
Tree-SHA512: e812a07a5f19f900600c70cb9c717769ef544a6c0c12760b5558b76b6b37df863257f3dbf38b0757e6e06e334470267e94c9f2bdbc27409d6837b1a0bfc6acbc
c90f6e51094a1ba4fb2aab35b78f23b6fda645d0 guix: Consistently use gcc-8 for $HOST (Carl Dong)
Pull request description:
Only non-base commit is the last commit: b5abb07d0d
Right now, here's what we use in Gitian:
- Linux: Focal's [`g++-8-<arch>-linux-gnu`](https://packages.ubuntu.com/focal/g++-8-aarch64-linux-gnu) (`8.4.0-3ubuntu1cross1`)
- MinGW-w64: Focal's [`g++-mingw-w64`](https://packages.ubuntu.com/focal/g++-mingw-w64) (`9.3.0-7ubuntu1+22~exp1ubuntu4`)
In Guix right now we use `gcc-9` across the board.
I think it makes more sense to use `gcc-8` across the board, as it doesn't suffer from the `memcmp` bug, and is what debian buster (stable) does, meaning it will be well tested ([`g++-mingw-w64`](https://packages.debian.org/buster/g++-mingw-w64), [`g++-aarch64-linux-gnu`](https://packages.debian.org/buster/g++-aarch64-linux-gnu)).
We can accomplish this somewhat easily using Guix as we have tighter control over the toolchain (see: b5abb07d0d).
Let me know your thoughts!
ACKs for top commit:
MarcoFalke:
Approach ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0, haven't reviewed
laanwj:
Code review ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0
hebasto:
ACK c90f6e51094a1ba4fb2aab35b78f23b6fda645d0, I have reviewed the code and it looks OK, I agree it can be merged.
Tree-SHA512: 3e5b9297305232273323aa745ec417ed1be2418ead0e432db7742f5d5f45efe6e4a2ed44328731512cff4bfde80e5f2dc350a131b8b8fb9207a2ef66bce27ed2
a5550f877a2c46d01bb620ae051c0c8ed0fecd0b build: use -stdlib++-isystem with Clang 10 (fanquake)
51d9d1607f2e9d593693ca799393f068192e41aa guix: use Clang 10 for the macOS cross compile (fanquake)
b80a6af9e55325d444e117e85bbfc76d88d898a8 build: no longer patch threading out of ld64 (fanquake)
c29cba44b3706e0a2035e440e560f2d15d50433b build: Xcode 12.1, macOS SDK 10.15.6 (fanquake)
9ed2f19d385aa95f65807999bba2e18417b143dc build: native cctools 973.0.1, ld64 609 (fanquake)
f48f187cce7fa43646fb0d796c244e1515e763ec build: Clang 10.0.1 (Hennadii Stepanov)
9b193cd2a3ca20917611fbed56dfbcd8a39aeab8 build: libtapi 1100.0.11 (fanquake)
Pull request description:
Bumps our macOS toolchain to be using the following:
* Clang 10.0.1 (gitian) & Clang 10.0.0 (Guix)
* ld64 609
* libtapi 1100.0.11
* cctools 973.0.1
* Xcode 12.1
* macOS SDK 10.15.6
which are currently the most recent releases available as open source. See upstream [`cctools`](https://github.com/tpoechtrager/cctools-port/commits/973.0.1-ld64-609) and [`libtapi`](https://github.com/tpoechtrager/apple-libtapi/tree/1100.0.11).
This should improve the possibility of Apple ARM cross-compilation in depends.
This also removes our [patching out of pthreads usage](https://github.com/bitcoin/bitcoin/blob/master/depends/patches/native_cctools/ld64_disable_threading.patch) in `ld64`. There have been multiple changes since `ld64 450.3`, which have likely fixed the non-determinism we were working around. i.e from [InputFiles.cpp](https://opensource.apple.com/source/ld64/ld64-609/src/ld/InputFiles.cpp.auto.html):
```cpp
// <rdar://problem/15002251> make implicit dylib order be deterministic by sorting by install_name
std::sort(implicitDylibs.begin(), implicitDylibs.end(), DylibByInstallNameSorter());
```
```cpp
// <rdar://problem/42675402> ld64 output is not deterministic due to dylib processing order
std::sort(unprocessedDylibs.begin(), unprocessedDylibs.end(), [](const ld::dylib::File* lhs, const ld::dylib::File* rhs) {
return strcmp(lhs->path(), rhs->path()) < 0;
});
```
Guix Build:
```bash
find guix-build-$(git rev-parse --short=12 HEAD)/output/ -type f -print0 | env LC_ALL=C sort -z | xargs -r0 sha256sum
f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5 guix-build-a5550f877a2c/output/dist-archive/bitcoin-a5550f877a2c.tar.gz
4954dcf563c2d496b8d9fecd48f8e3f7fba2f319ffa254a5bc8ee12cfee6acf0 guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.dmg
8f6095b445c7f1a8e6accd86bb7f0696d5849402084927d2b726b7d557831c3a guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx-unsigned.tar.gz
cc40f25477b4defc1617ae694313d80f307ddf6742fe6cc85c6bc0e215ef8be0 guix-build-a5550f877a2c/output/x86_64-apple-darwin18/bitcoin-a5550f877a2c-osx64.tar.gz
```
Gitian Build:
```bash
Generating report
506a8abdefe559999b43dd9f14905b9b2b5a3363b1cd013d45ae47acc1f7ef6c bitcoin-a5550f877a2c-osx-unsigned.dmg
f606997f74026dd12d110d683c6f116b40df324836904ef507dd7ac787e6ebe2 bitcoin-a5550f877a2c-osx-unsigned.tar.gz
5b495ef15f2c3260c2950921b61326912a9bf533cccd51e13818809fd225489e bitcoin-a5550f877a2c-osx64.tar.gz
f6c3817b8fe5f7370299d1ae2533e4a3acd313ba9f9aa8d423a8956117e52dd5 src/bitcoin-a5550f877a2c.tar.gz
9eb0221e962d2839770963bd03c6c9e98e8bf3078566bee2ae42f06233a710fa bitcoin-core-osx-22-res.yml
Done.
```
ACKs for top commit:
hebasto:
ACK a5550f877a2c46d01bb620ae051c0c8ed0fecd0b
Tree-SHA512: 504c4b0f9cd3b939714a322298320c5bde07e9356a48a9a000060b36f8dce4d6134ed60c3a5188810476a28ec5b108733eabbc6fb8053231b9ea8a494cc91b12
7476b46f1893a4858616d2a8456a7c43238851ed guix: Build dmg as a static binary (Carl Dong)
06d6cf6784421290e6235fe8684d5e08ed6f1b62 depends: libdmg-hfsplus: Skip CMake RPATH patching (Carl Dong)
65176ab5730dff34466caaecdd292625ef8294fc guix: Remove codesign_allocate+pagestuff from unsigned tarball (Carl Dong)
ca85679eb43b8375a95d82101977829d08fb1e1b guix: Use clang-toolchain instead of clang (Carl Dong)
1aec0eda8fd31a57b0621eea616398017c2ead98 guix: Fallback to local build for substitute-enabled Guix users (Carl Dong)
1742f8e12d163852df09575e03edcd3db73198ee guix: Add early health check for guix-daemon (Carl Dong)
c1ae726a13ecfa5e7e9fdc3030a8110b8bb263f8 guix: More thoroughly control native toolchain (Carl Dong)
39741128d3775d198dbee34dc827353bfd18acd8 guix: Supply --link-profile (Carl Dong)
d55a1056ee565afed64e42d6f6efb6b0adc5599b guix: Add troubleshooting documentation entries (Carl Dong)
7f401c953f8bb3574cec48561e13ef3b47dedc6e guix: Adapt guix-build to prelude, restructure hier (Carl Dong)
4eccf063b252bfe256cf72d363a24cf0183e926e guix: Remove guix-build.sh filename extension (Carl Dong)
7753357a7bae98ec775c707b9dec4cea1e945802 guix: Add source-able bash prelude and utils (Carl Dong)
e5b49a01f5d0f631e7f08f86ca8a2c2b8213319f guix: Create windeploy inside distsrc-* (Carl Dong)
3e9982ab3877eb8fe0a8c0cb3d847ac0913c7336 contrib: Silence git-describe when looking for tag (Carl Dong)
d5a71e97853ea9e1b879e8c76bfb01d4bef33172 guix: Use --cores instead of --max-jobs (Carl Dong)
Pull request description:
This PR addresses a few hiccups encountered by the brave souls who've been experimenting with the Guix scripts:
- Resolves confusion between `--cores=` and `--max-jobs=`
- `guix`'s `--cores=` actually corresponds to make's `--jobs=`, so let's just control `--cores=` with our overridable env var
- `git-describe` will scream `fatal: no tag exactly matches '<hash>'` when looking for a tag, but we don't care, so silence that
- `windeploy/unsigned` should be inside `distsrc-*` and created idempotently (sorry I know this one annoyed people)
- Add troubleshooting documentation to `README.md`
- Add early health check for `guix-daemon` in case user forgot to start a `guix-daemon`
- Depending on configuration, a `--fallback` flag may be needed to tell Guix to not fail if substitutes fail but fallback to building locally
- `codesign_allocate` and `pagestuff` are now unnecessary for codesigning as we're now using `signapple`
A few robustness changes are also included:
- We supply the `--link-profile` flag, as some Guix packages may expect the profile to be available under `$HOME/.guix-profile`
- We now clear and manually set all toolchain-related env vars (e.g. `C*_INCLUDE_PATH`) ourselves, after patching a Qt::moc bug
- We use the native `clang-toolchain` package for darwin builds instead of `clang`, lining up with all our other toolchain packages.
Finally, we restructure the guix building hierarchy such that it looks something like:
```
guix-build-<short-hash-or-version-tag>
├── distsrc-<short-hash-or-version-tag>-${HOST}
│ ├── contrib
│ ├── depends
│ ├── src
│ └── ...
├── distsrc-<short-hash-or-version-tag>-...
└── output
├── dist-archive
│ └── bitcoin-<short-hash-or-version-tag>.tar.gz
├── *-linux-*
│ ├── bitcoin-<short-hash-or-version-tag>-*-linux-*-debug.tar.gz
│ └── bitcoin-<short-hash-or-version-tag>-*-linux-*.tar.gz
├── x86_64-apple-darwin18
│ ├── bitcoin-<short-hash-or-version-tag>-osx64.tar.gz
│ ├── bitcoin-<short-hash-or-version-tag>-osx-unsigned.dmg
│ └── bitcoin-<short-hash-or-version-tag>-osx-unsigned.tar.gz
└── x86_64-w64-mingw32
├── bitcoin-<short-hash-or-version-tag>-win64-debug.zip
├── bitcoin-<short-hash-or-version-tag>-win64-setup-unsigned.exe
├── bitcoin-<short-hash-or-version-tag>-win64.zip
└── bitcoin-<short-hash-or-version-tag>-win-unsigned.tar.gz
```
Separating guix builds by their version identifier (basically namespacing them) allows us to change the layout in the future without worry about potential naming conflicts.
ACKs for top commit:
sipa:
ACK 7476b46f1893a4858616d2a8456a7c43238851ed
laanwj:
ACK 7476b46f1893a4858616d2a8456a7c43238851ed
Tree-SHA512: 0e899aa941aafdf552b2a7e8a08131ee9283180bbef7334439e2461a02aa7235ab7b9ca9c149b80fc5d0a9f4bbd35bc80fcee26197c0836ba8eaf2d86ffa0386
c967fb7fb97a86fc434912d0fff621f9f50dfe80 guix: Remove libcap from manifest (Hennadii Stepanov)
7bbb409314c63750a9731dedaaf6dd6ecd17d988 guix: Update darwin native packages dependencies (Hennadii Stepanov)
Pull request description:
It is a #20470 follow up.
ACKs for top commit:
fanquake:
ACK c967fb7fb97a86fc434912d0fff621f9f50dfe80
Tree-SHA512: 66ce05770f578ba61a44c58747c5a2669f425a989ed987838058bd86e3b49e342ac5a4f8852fc49f2b3a86b58fb6a340fdf3e34c1fc19bdab910729febba4bc7